
Triggerflow: Regression Testing by Advanced Execution Path Inspection

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2019)

Abstract

Cryptographic libraries often feature multiple implementations of primitives to meet both the security needs of handling private information and the performance requirements of modern services when the handled information is public. OpenSSL, the de facto standard free and open source cryptographic library, includes mechanisms to differentiate confidential data and its control flow, including run-time flags designed for hardening against timing side-channels, which have repeatedly been mishandled by accident in the past. To analyze and prevent these accidents, we introduce Triggerflow, a tool for tracking execution paths that, assisted by source annotations, dynamically analyzes the binary through the debugger. We validate this approach with case studies demonstrating how adopting our method in the development pipeline would have promptly detected such accidents. We further showcase the value of the tooling by presenting two novel discoveries facilitated by Triggerflow: one leak and one defect.


Notes

  1. https://gitlab.com/nisec/triggerflow
  2. https://www.ruby-lang.org/en/
  3. https://www.gnu.org/software/gdb/
  4. https://sourceware.org/gdb/onlinedocs/gdb/GDB_002fMI.html
  5. https://savannah.nongnu.org/projects/quilt
  6. https://gitlab.com/nisec/repatcher
  7. https://gitlab.com/nisec/openssl-triggerflow-ci
  8. https://github.com/openssl/openssl/pull/8254
  9. https://github.com/openssl/openssl/pull/8253
  10. https://golang.org/pkg/crypto/elliptic/


Acknowledgments

This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No. 804476).

Author information

Corresponding authors: Iaroslav Gridin, Billy Bob Brumley.


A OpenSSL Commits



Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Gridin, I., Pereida García, C., Tuveri, N., Brumley, B.B. (2019). Triggerflow: Regression Testing by Advanced Execution Path Inspection. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2019. Lecture Notes in Computer Science, vol 11543. Springer, Cham. https://doi.org/10.1007/978-3-030-22038-9_16


  • DOI: https://doi.org/10.1007/978-3-030-22038-9_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-22037-2

  • Online ISBN: 978-3-030-22038-9

  • eBook Packages: Computer Science (R0)
